Whoever was one of the unfortunate ones that downloaded an ISO from the Linux Mint website (which is currently offline), may have downloaded a version that was manipulated by someone to sniff out data. Some say that the infected version relays passwords to a Bulgarian IP (heise), others say that the infected distribution comes with a backdoor (zeit). Whatever the issue may be, I wanted to assure that the versions I downloaded were not infected and went out of my way to collect all MD5 hashes I could find.
For those not familiar with MD5, it is a function that produces a seemingly random 128-bit string (commonly displayed as 32 Hex characters) from any given input data. The importance is, that this resulting string can only be generated by the same data. In fact, any modification to the input data (i.e. when it’s “hacked”) causes the resulting MD5 string to be different. So whenever one downloads a file that comes with a MD5 (also referred to as checksum) you can make sure that the bits haven’t been changed. On Mac and Linux, this test is done relatively easily:
So if you want to check whether the Mint ISO you downloaded is infected, check with that against the following official (link) MD5 hashes:
And if you were curious, yes, my 64-bit ISO was actually a hacked version. Maybe that’s why it didn’t work as seamlessly as the 32-bit distribution 😛